SoK: Ex­ploit­ing Net­work Prin­ters

Jens Mül­ler, Vla­dis­lav Mla­de­nov, Juraj So­mo­rovs­ky, Jörg Schwenk

38th IEEE Sym­po­si­um on Se­cu­ri­ty and Pri­va­cy (S&P 2017)


Ab­stract

The idea of a pa­per­less of­fice has been drea­med for more than three deca­des. Howe­ver, no­wa­days prin­ters are still one of the most es­sen­ti­al de­vices for daily work and com­mon In­ter­net users. In­s­tead of get­ting rid of them, prin­ters evol­ved from sim­ple prin­ting de­vices to com­plex net­work com­pu­ter sys­tems in­stal­led di­rect­ly in com­pa­ny net­works, and car­ry­ing lots of con­fi­den­ti­al data in their print jobs. This makes them to an attrac­tive at­tack tar­get. In this paper we con­duct a large scale ana­ly­sis of prin­ter at­tacks and sys­te­ma­ti­ze our know­ledge by pro­vi­ding a ge­ne­ral me­tho­do­lo­gy for se­cu­ri­ty ana­ly­ses of prin­ters. Based on our me­tho­do­lo­gy we im­ple­men­ted an open-sour­ce tool cal­led PRin­ter Ex­ploi­ta­ti­on Tool­kit (PRET). We used PRET to eva­lua­te 20 prin­ter mo­dels from dif­fe­rent ven­dors and found all of them to be vul­nerable to at least one of the tested at­tacks. These at­tacks in­clu­ded, for ex­amp­le, sim­ple De­ni­al-of-Ser­vice (DoS) at­tacks or skil­led at­tacks extrac­ting print jobs and sys­tem files. On top of our sys­te­ma­tic ana­ly­sis we re­veal novel in­sights that enable at­tacks from the In­ter­net by using ad­van­ced cross-si­te prin­ting tech­ni­ques com­bined with prin­ter CORS-Spoo­fing. Fi­nal­ly, we show how to apply our at­tacks to sys­tems bey­ond ty­pi­cal prin­ters like Goog­le Cloud Print or do­cu­ment pro­ces­sing web­sites. We hope that novel as­pects from our work will be­co­me the fo­un­da­ti­on for fu­ture re­se­ar­ches, for ex­amp­le, for the ana­ly­sis of IoT se­cu­ri­ty.

[html] [html] [pdf]

Tags: Cross-Si­te Prin­ting, PJL, Post­Script, Prin­ter Se­cu­ri­ty